On Friday, May 12th, a new virus called WannaCry started infecting systems all over the world. The virus is a type of ransomware, in which it encrypts the files on your computer and demands payment in order to regain access to them. The price for decryption is $300.
The virus spreads in numerous ways. The first way is by email. It can arrive in a suspicious-looking email from one of your friends because when the virus runs, it emails itself to all of your contacts. The second way is through your local network. It infects all the computers it can find on your network. The third way is through the internet. While the virus is active on your system, it searches for computers all around the world to infect. This is why the virus was able to spread so fast and infect many systems.
The virus uses an encryption algorithm that was stolen from the NSA and leaked two months ago known as EternalBlue. When word broke out that this happened, Microsoft quickly released a security patch for Windows that protects against the exploit, which therefore protects your computer from WannaCry. However, there were still a lot of people who didn’t have the update or were using an unsupported operating system like Windows Vista or XP, and they were easily infected. This really surprises me, because automatic updates are turned on by default on Windows, so people should have gotten the update before the threat hit.
On the same day that the threat hit, security researcher MalwareTips discovered the virus’s weakness, or “kill-switch.” When the virus runs, it checks to see if a certain domain name is registered. If it isn’t, then the virus is allowed to run. When MalewareTips registered the domain, the virus stopped spreading. However, this is not the end of WannaCry. New variants have been popping up without this kill-switch, and the virus has continued to spread. But with more and more people downloading the patch, the virus will eventually fade away.
Comments
Post a Comment